CLAIM AMENDMENTS



1. (currently amended) A method of preventing the loss of confidentiality of electronically stored data in a computer system [[(11, 12, 13)]], which data in particular is organized as a data system [[(103)]] and or subdivided into blocks, in particular with use of exchangeable and/or removable data carriers and/or storage medium, where in particular peripherals are connectable to the computer system [[(11, 12, 13)]], characterized by the following steps:

analysis of the protocol and of the data stream [[(130, 131)]] from and to data carriers and/or storage media [[(104)]] and/or peripheral devices;

establishment of a classification, in particular for differentiation between nonremovable and removable data carriers and/or storage media [[(104)]];

determination on the basis of the established classification, whether an encryption of the electronically stored data is required for preventing the loss of confidentiality of the data and, depending on this determination, possibly

adding a cryptographic encryption [[(601, 602, 603)]] to the data system on a removable data carrier and/or a removable storage medium [[(104)]], [[and/]] or performing a cryptographic encryption on all or several blocks of the removable data carrier and/or of the removable storage medium [[(104)]].

2. (currently amended) The method according to claim 1, [[characterized by]], further comprising the step of

determining that an encryption [[(105)]] of all blocks of the data carrier/storage medium [[(104)]] or an encryption [[(105)]] of all files [[(50)]] before storage on the data carrier/storage medium [[(104)]] and that an encryption [[(105)]] of several files [[(50)]] before storage on the data carrier/storage medium [[(104)]] is carried out.

3. (currently amended) The method according to claim 1 [[or 2, characterized in that]] wherein a cryptographic encryption is added to each data system [[(103)]] on nonremovable [[and/]] or nonexchangeable data carriers [[and/]] or storage media [[(104)]].

4. (currently amended) The method according to [[one of the preceding claims, characterized in that]] claim 3 wherein the cryptographic encryption [[(105)]] is temporarily suspended when particular features are shown.

5. (currently amended) The method according to [[one of the preceding claims, characterized in that]] claim 1 wherein when a data carrier [[and/]] or a storage medium [[(104)]] without data system [[are]] is used, an encryption of all blocks is carried out and access is prevented.

6. (currently amended) The method according to [[one of the preceding claims, characterized in that]] claim 1 wherein an encryption [[(105)]] is performed when removable data carriers and or removable storage media (104)[[, in particular floppy disks, memory sticks, CD-RW, DVD-RW and the like,]] are used.

7. (currently amended) The method according to [[one of the preceding claims, characterized in that]] claim 1 wherein an encryption [[(105)]] is performed when removable data carriers [[and/]] or nonremovable storage media [[(104)]], [[and/]] or network based data carriers [[and/]] or network based storage media [[(104)]] are used.

8. (currently amended) The method according to [[one of the preceding claims, characterized in that]] claim 1 wherein when a data carrier [[and/]] or a storage medium [[(104)]] is connected to a multifunctional interface [[and/]] or a multifunctional bus, [[in particular slot, USB-port, and the like,]] the functionality of the interfaces [[and/]] or the buses is maintained and an encryption [[(105)]] is only performed on [[the]] data streams [[(130, 131)]] that are further transmitted to the interface [[and/]] or the bus for storing the data.

9. (currently amended) The method according to [[one of the preceding claims, characterized in that]] claim 1, further comprising the steps of

performing an analysis of the interface [[and/]] or the bus to which a data stream [[(130, 131)]] shall be transmitted [[is performed]] and [[that]]

taking the analysis [[is taken]] into account for establishing the classification on the basis [[of criteria that can be determined, in particular on the basis]] of the physical connection [[and/]] or the properties of the devices.

10. (currently amended) The method according to [[one of the preceding claims, characterized in that]] claim 1 wherein cryptographic methods for encryption are applied[[, in particular the Rijndael algorithm]].

11. (currently amended) The method according to [[one of the preceding claims, characterized in that]] claim 1 wherein the encryption is performed in [[several steps, in particular in that after performing]] accordance with a first cryptographic method[[, the data encrypted by the first method]] and thereafter is again encrypted by means of a second cryptographic method.

Atty's 23697

Pat. App. 10/589,476

12. (currently amended) The method according to [[one of the preceding claims, characterized in that]] claim 1, further comprising the step of, during a reading process from a data carrier [[and/]] or storage medium [[(104)]] that is at least partially encrypted, performing a decryption of the data [[is performed]].

13. (currently amended) The method according to [[one of the preceding claims, characterized in that]] claim 1, further comprising the step of

preventing encryption of the data by using hardware with an integrated key [[and/]] or by using a password [[and/]] or by recognizing and controlling biometric data of a user[[, an encryption (105) of data can be prevented]].

14. (currently amended) The method according to claim 13, [[characterized in that]], further comprising the step of

preventing the encryption (105) [[can be prevented]] only at predetermined times.

15. (currently amended) The method according to [[one of the preceding claims, characterized in that]] claim 1 wherein for the encryption [[(105)]], keys [[(300)]] are used that are formed by combination of different parts [[(301, 302, 303)]], whereby in particular several computer systems [[(11, 12, 13)]] can be combined in groups [[(10)]], the keys [[(300)]] of a group [[(10)]] of computer systems [[(11, 12, 13)]] having a common part [[(301)]] as well as a respective individual part [[(302)]].

16. (currently amended) The method according to [[one of the preceding claims, characterized in that]] claim 15 wherein the key [[(300)]] that is to be applied for the encryption and decryption [[(105)]] can be determined [[and/]] or stored in a data base for being requested [[and/]] or is integrated in a hardware [[and/]] or is determined from biometric data of a user by using an algorithm.

17. (currently amended) The method according to [[one of the preceding claims, characterized in that]] claim 1 wherein actions that are performed by means of the computer system (11, 12, 13)[[, such as storing and/or reading of data,]] are recorded.

18. (currently amended) The method according to [[one of the preceding claims, characterized in that]] claim 1 wherein the computer system [[(11, 12, 13)]] has an operating system that at least distinguishes between a kernel mode [[(100)]] and a user mode [[(200)]], the method being at least partially implemented in the kernel mode [[(100)]].

19. (currently amended) The method according to [[one of the preceding claims, characterized in that]] claim 1 wherein a logic combination of several computer systems [[(11, 12, 13)]] within a group [[(10)]] is performed, wherein within the group [[(10)]] the cryptographic encryption [[(105)]] is mutually suspended, wherein the cryptographic encryption [[(105)]] is maintained with respect to external sources.

20. (currently amended) The method according to [[one of the preceding claims, characterized in that]] claim 1 wherein during access on a data carrier [[and/]] or storage medium [[(104)]], it is determined whether an encryption [[(105)]] of all blocks of the data carrier/storage medium [[(104)]] or an encryption [[(105)]] of all files [[(50)]] on the data carrier/storage medium [[(104)]] or an encryption [[(105)]] of several files [[(50)]] is present, and that an encryption of the requested data is performed.